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DETAILED ACTION 



1. 



Claims 34-45 have been examined. 



2. 



Responses to Applicant's remarks have been given. 



Continued Examination Under 37 CFR 1.114 



1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/23/08 has been entered. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 



Claims 34, 36, 37, 39, 41 , 42, 44 and 45 are rejected under 35 U.S.C. 1 02(b) as 
being anticipated by United States Patent No. 6,061,799 to Eldridge et al., hereinafter 
Eldridge. 

2. Regarding claim 34, Eldridge discloses a password recovery system for re- 
supplying a password, said password recovery system comprising: 
a communication terminal device (Figures 1, 7 and 8, column 1, lines 66 and 67, column 
2, lines 1-3, 9-16 and 64-67, column 3, lines 1-6 and 40-67 and column 7, lines 18-34); 



Claim Rejections - 35 USC § 102 



States. 
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a portable recording medium for being coupled to said communication terminal 
device (column 1, lines 66 and 67, column 2, lines 9-16 and 31-47, column 8, lines 63- 
67, column 9, lines 1-13 and 28-35 and column 11, lines 5-33, "diskette 142, CD-ROM 
147"), 

wherein said communication terminal device comprises: 

a controller for receiving from an external communication terminal device a signed data 
set, based on an indication for recovering the password from a user of said 
communication terminal device, the external communication terminal device 
guaranteeing legitimacy of the user of said communication terminal device and 
generating the signed data set with a secret key, and for outputting to said portable 
recording medium the received signed data set (Figures 3A, 3B, 5, 6B and 9, column 1, 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1-24, "one type of encryption key suitable for use as secret 
parameter 302 is a RSA private encryption key", column 7, lines 19-48, column 8, lines 
63-67 and column 9, lines 1-13 and 28-35), 
wherein said portable recording medium comprises: 

a memory for storing the password and a public key corresponding to the secret 
key (Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, lines 62-67, 
column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 1-14); 
a controller for inputting from said communication terminal device the signed data set, 
and f or judging using the public key and the signed data set whether the signed data set 
is signed by the external communication terminal device, wherein said controller of said 
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portable medium recovers the same password as the password stored in said memory 
of said portable recording medium when it is judged that the signed data set is signed 
by the external communication terminal device, and outputs the recovered password to 
said communication terminal device (column 5, lines 35-67, column 6, lines 1-11, 
column 7, lines 49-67 and column 8, lines 1-12, "posts the complementary 
authentication information to server process 216 or another server within the same 
domain so that the server will receive information sufficient to allow the client process to 
prove knowledge of the password"^ 

wherein said controller of said portable recording medium does not recover the same 
password as the password stored in said memory of said portable recording medium 
when it is judged that the signed data set is not signed by the external communication 
terminal device (Figure 5, element 506, "match?", Figure 7, element 708, "match?" and 
Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
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and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

3. Regarding claim 36, Eldridge discloses wherein said memory of said portable 
recording medium stores a predetermined number indicating a number of the signed 
data set that is required to recover the password, and wherein said controller of said 
portable recording medium counts a number of the signed data set when it is judged 
that the signed data set is signed by the external communication terminal device, 
recovers the same password as the password stored in said memory of said portable 
recording medium when the counted number of the signed data set reaches the 
predetermined number stored in said memory of said portable recording medium, and 
outputs the recovered password to said communication terminal device (column 1, lines 
66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, lines 
62-67, column 5, lines 1 -24 and lines 35-67, column 6, lines 1-11, column 7, lines 1 9- 
67, column 8, lines 1-12, "posts the complementary authentication information to server 
process 216 or another server within the same domain so that the server will receive 
information sufficient to allow the client process to prove knowledge of the password" 
and lines 63-67 and column 9, lines 1-13 and 28-35). 

4. Regarding claim 37, Eldridge discloses a communication terminal device for re- 
supplying a password to a user of the communication terminal device, wherein a 
portable recording medium is coupled to said communication terminal device, the 
portable recording medium storing the password (column 5, lines 35-67, column 6, lines 
1-11, column 7, lines 49-67 and column 8, lines 1-12, "posts the complementary 
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authentication information to server process 216 or another server within the same 
domain so that the server will receive information sufficient to allow the client process to 
prove knowledge of the password"), 
said communication terminal device comprising: 

a controller for receiving from an external communication terminal device a signed data 
set, based on an indication for recovering the password from the user of said 
communication terminal device, the external communication terminal device 
guaranteeing legitimacy of the user of said communication terminal device and 
generating the signed data set with a secret key, and for outputting to the portable 
recording medium the received signed data set (Figure 4, column 2, lines 31-67, column 
3, lines 1-10, column 4, lines 62-67, column 5, lines 1-14 and 35-55, column 6, lines 44- 
67 and column 7, lines 1-14), 
wherein the portable recording medium comprises: 

a memory for storing the password and a public key corresponding to the secret 
key (Figures 3A, 3B, 5, 6B and 9, column 1, lines 66 and 67, column 2, lines 1-8, 31-47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type 
of encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35); 
a controller for inputting from said communication terminal device the signed data set, 
and f or judging, using the public key and the signed data set^ whether the signed data 
set is signed by the external communication terminal device, wherein the controller of 
the portable recording medium recovers the same password as the password stored in 



Application/Control Number: 10/684,400 Page 7 

Art Unit: 2431 

the memory of the portable recording medium when it is judged that the signed data set 
is signed by the external communication terminal device, and outputs the recovered 
password to said communication terminal device (column 1, lines 66 and 67, column 2, 
lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 
1-24 and lines 35-67, column 6, lines 1-11, column 7, lines 19-67, column 8, lines 1-12, 
"posts the complementary authentication information to server process 216 or another 
server within the same domain so that the server will receive information sufficient to 
allow the client process to prove knowledge of the password" and lines 63-67 and 
column 9, lines 1-13 and 28-35^ 

wherein the controller of the portable recording medium does not recover the same 
password as the password stored in the memory of the portable recording medium 
when it is judged that the signed data set is not signed bv the external communication 
terminal device (Figure 5, element 506, "match?", Figure 7, element 708, "match?" and 
Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
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and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

5. Regarding claim 39, Eldridge discloses wherein the memory of the portable 
recording medium stores a predetermined number indicating a number of the signed 
data set that is required to recover the password (Figure 4, column 2, lines 31-67, 
column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-14 and 35-55, column 6, 
lines 44-67 and column 7, lines 1-14), 

wherein the controller of the portable recording medium counts a number of the signed 
data set when it is judged that the signed data set is signed by the external 
communication terminal device, recovers the same password as the password stored in 
the memory of the portable recording medium when the counted number of the signed 
data set reaches the predetermined number stored in the memory of the portable 
recording medium, and outputs the recovered password to said communication terminal 
device (Figures 3A, 3B, 5, 6B and 9, column 1, lines 66 and 67, column 2, lines 1-8, 31- 
47 and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, column 
7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35). 

6. Regarding claim 41 , Eldridge discloses a memory for storing a piece of 
application software corresponding to the recovered password output from the portable 
recording medium, wherein said controller of said communication terminal device 
performs the piece of the application software using the recovered password (column 1, 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1 -24 and lines 35-67, column 6, lines 1-11, column 7, lines 
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19-67, column 8, lines 1-12, "posts the complementary authentication information to 
server process 21 6 or another server within the same domain so that the server will 
receive information sufficient to allow the client process to prove knowledge of the 
password" and lines 63-67 and column 9, lines 1-13 and 28-35). 
7. Regarding claim 42, Eldridge discloses a portable recording medium capable of 
being coupled to a communication terminal device and for re-supplying a password to a 
user of the communication terminal device, the communication terminal device receiving 
from an external communication terminal device a signed data set, based on an 
indication for recovering the password from the user of the communication terminal 
device, the external communication terminal device guaranteeing legitimacy of the user 
of the communication terminal device and generating the signed data set with a secret 
key, and for outputting to said portable recording medium the received signed data set 
(Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 
64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24 and 56-67, 
column 7, lines 1 -1 1 and 1 9-48, column 8, lines 63-67 and column 9, lines 1 -1 3 and 28- 
35), 

said portable recording medium comprising: 

a memory for storing the password and a public key corresponding to the secret key 
(Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 
64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35); 
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and a controller for inputting from the communication terminal device the signed data 
set, forjudging using the public key and the signed data set whether the signed data set 
is signed by the external communication terminal device, wherein said controller 
recovers the same password as the password stored in said memory of said portable 
recording medium when it is judged that the signed data set is signed by the external 
communication terminal device, and outputs the recovered password to the 
communication terminal device (column 1, lines 66 and 67, column 2, lines 1-8, 31-47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24 and lines 
35-67, column 6, lines 1-11, column 7, lines 1 9-67, column 8, lines 1 -1 2, "posts the 
complementary authentication information to server process 216 or another server 
within the same domain so that the server will receive information sufficient to allow the 
client process to prove knowledge of the password" and lines 63-67 and column 9, lines 
1-13 and 28-35), 

wherein said controller does not recover the same password as the password stored in 
said memory of said portable recording medium when it is judged that the signed data 
set is not signed bv the external communication terminal device (Figure 5, element 506, 
"match?", Figure 7, element 708, "match?" and Figure 8, element 814, "match?", column 
3, lines 2-10, "the apparatus comprises authorization logic responsive to one of the 
plurality of passwords and the secret parameter for allowing access by the identified 
client process", column 5, lines 39-48, "the term 'key' may refer to any data or 
authentication information which is currently used by a process to partake in an 
authentication protocol. For example, keys 308 may comprise a password itself, a one- 
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way hash of a password, a public key corresponding to a private key derived from data 
including the password...", column 7, lines 34-39, "If the public key identifier received 
from process 216 does not match any of the public key identifiers 308C stored within ID 
file 300, the attempt to access server process 216 fails and the authentication process 
terminates" and column 10, lines 23-54, "If no match occurs, the process ends"). 

8. Regarding claim 44, Eldridge discloses wherein said memory stores a 
predetermined number indicating a number of the signed data set that is required to 
recover the password (Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 
1-14), 

wherein said controller counts a number of the signed data set when it is judged that the 
signed data set is signed by the external communication terminal device, recovers the 
same password as the password stored in said memory of said portable recording 
medium when the counted number of the signed data set reaches the predetermined 
number stored in said memory of said portable recording medium, and outputs the 
recovered password to the communication terminal device (Figures 3A, 3B, 5, 6B and 9, 
column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, 
column 4, lines 62-67, column 5, lines 1-24, column 7, lines 19-48, column 8, lines 63- 
67 and column 9, lines 1-13 and 28-35). 

9. Regarding claim 45, Eldridge teaches a password recovery method for re- 
supplying a password using a communication terminal device and a portable recording 
medium coupled to the communication terminal device, the method comprising: 
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receiving, at the communication terminal device, from an external communication 
terminal device a signed data set, based on an indication for recovering the password 
from a user of the communication terminal device, the external communication terminal 
device guaranteeing legitimacy of the user of the communication terminal device and 
generating the signed data set with a secret key (Figures 3A, 3B, 5, 6B and 9, column 1 , 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1-24 and 56-67, column 7, lines 1-11 and 19-48, column 8, 
lines 63-67 and column 9, lines 1-13 and 28-35); 

outputting, at the communication terminal device, to the portable recording medium the 
received signed data set (column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64- 
67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24 and lines 35-67, 
column 6, lines 1-11, column 7, lines 19-67, column 8, lines 1-12, "posts the 
complementary authentication information to server process 216 or another server 
within the same domain so that the server will receive information sufficient to allow the 
client process to prove knowledge of the password" and lines 63-67 and column 9, lines 
1-13 and 28-35); 

storing, at the portable recording medium, the password and a public key corresponding 
to the secret key (Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, 
lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 
1-24 and 56-67, column 7, lines 1-11 and 19-48, column 8, lines 63-67 and column 9, 
lines 1-13 and 28-35); 

inputting, at the portable recording medium, from the communication terminal device the 
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signed data set (Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, lines 
62-67, column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 1-14); 
and j udging, at the portable recording medium, using the public key and the signed data 
set whether the signed data set is signed by the external communication terminal device 
(Figures 3A, 3B, 5, 6B and 9, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 
64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35); 
wherein, when it is judged by said judging that the signed data set is signed by the 
external communication terminal device, the portable recording medium recovers the 
same password as the password stored in the memory of the portable recording 
medium, and outputs the recovered password to the communication terminal device 
(column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 64-67, column 3, lines 1 -1 0, 
column 4, lines 62-67, column 5, lines 1 -24 and lines 35-67, column 6, lines 1-11, 
column 7, lines 19-67, column 8, lines 1-12, "posts the complementary authentication 
information to server process 216 or another server within the same domain so that the 
server will receive information sufficient to allow the client process to prove knowledge 
of the password" and lines 63-67 and column 9, lines 1-13 and 28-35)^ 
wherein, when it is judged by said judging that the signed data set is not signed by the 
external communication terminal device, the portable recording medium does not 
recover the same password as the password stored in the memory of the portable 
recording medium (Figure 5, element 506, "match?", Figure 7, element 708, "match?" 
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and Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 
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Claims 35, 38 and 43 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Eldridge as applied to claims 34, 37 and 42, respectively, above, and further in 
view of United States Patent No. 6,947,571 to Rhoads et al., hereinafter Rhoads. 

10. Eldridge significantly discloses the claimed invention, as applied to claims 35, 38 
and 43, respectively, as cited above. However, Eldridge fails to disclose the claim 
limitations of claims 35, 38 and 43 with respect to the claim language of "expiration 
period" and "date/time information". Rhoads discloses these claim limitations, as cited 
below. 

1 1 . Regarding claims 35, 38 and 43, Rhoads discloses wherein said memory of said 
portable recording medium stores an expiration period for receiving the signed data set 
(column 54, lines 24-31 , column 66, lines 53-67 and column 67, lines 1-11), 

wherein the signed data set includes date/time information, the date/time information 
indicating a date and time at which the signed data set is generated at the external 
communication terminal device (column 67, lines 18-23), 

wherein said controller of the portable recording medium judges using the public key 
and the signed data set whether the signed data set is signed by the external 
communication terminal device and whether the date/time information is within the 
expiration period stored in said memory, recovers the same password as the password 
stored in said memory of said portable recording medium when it is judged that the 
signed data set is signed by the external communication terminal device and that the 
date/time information is within the expiration period stored in said memory, and outputs 
the recovered password to said communication terminal device (column 54, lines 24-31, 
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column 55, lines 9-18, "each part may be assigned a unique password", column 61, 
lines 25-29, column 63, lines 2-10, column 66, lines 53-67, column 67, lines 1-1 1 and 
column 77, lines 8-35). 

12. The motivation to combine would be that "if the previously used name and 
password are no longer valid, the user has to provide a valid name and password in 
order to continue embedding for the media owner" (Rhoads - column 77, lines 17-20). 

1 3. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Rhoads with the teachings 
of Eldridge so that "access to the registration information is limited to only explicitly 
authorized accounts. Accounts are password protected" (Rhoads - column 55, lines 9- 
13). 

14. Claim 40 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eldridge 
as applied to claim 37 above, and further in view of United States Patent No. 6,820,204 
to Desai et al., hereinafter Desai. 

15. Eldridge significantly discloses the claimed invention, as applied to claim 37, as 
cited above. However, Eldridge fails to disclose the claim limitation of claim 40 
pertaining to "a display for displaying the recovered password output from the portable 
recording medium". Desai discloses this limitation, as cited below. 

16. Regarding claim 40, Desai discloses a display for displaying the recovered 
password output from the portable recording medium (Figures 41 and 42, column 4, 
lines 32-67, "information exchange system and its storage system may be distributed 
across a plurality of devices", column 5, lines 66 and 67, column 6, lines 1-25, column 9, 



Application/Control Number: 10/684,400 Page 17 

Art Unit: 2431 

lines 19-31, column 15, lines 27-44 and 55-67, column 16, lines 1-3, column 20, lines 
36-67, column 21, lines 1-9, column 22, lines 23-43, column 27, lines 35-67 and column 
28, lines 1-18). 

1 7. The motivation to combine would be to provide "a system and method for 
information exchange that provides control over the content of stored information, as 
well as control over the access to the stored information" (Desai - column 3, lines 35- 
41). 

18. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Desai with the teachings of 
Eldridge in order "to allow each respective registered user to access, edit and manage 
the registered user's profile data through a network device" (Desai - column 3, lines 45- 
62). 

Response to Arguments 

1 9. Applicant's arguments, see page 1 1 , filed 09/26/08, with respect to the objection 
to claims 34 and 42 have been fully considered and are persuasive. The objection to 
claims 34 and 42 has been withdrawn. 

20. With regards to the newly-added claim language of "wherein, when it is judged by 
said judging that the signed data set is not signed by the external communication 
terminal device, the portable recording medium does not recover the same password as 
the password stored in the memory of the portable recording medium", the Examiner 
asserts that Eldridge discloses said claim language within, but not limited to, Figure 5, 
element 506, "match?", Figure 7, element 708, "match?" and Figure 8, element 814, 
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"match?", column 3, lines 2-10, "the apparatus comprises authorization logic responsive 
to one of the plurality of passwords and the secret parameter for allowing access by the 
identified client process", column 7, lines 34-39, "If the public key identifier received 
from process 216 does not match any of the public key identifiers 308C stored within ID 
file 300, the attempt to access server process 216 fails and the authentication process 
terminates" and column 10, lines 23-54, "If no match occurs, the process ends". 

21 . The lack of recovery of the password, as claimed by the Applicant, is broadly 
interpreted by the Examiner to be disclosed by the, inter alia, "authorization logic 
responsive to one of the plurality of passwords and the secret parameter for allowing 
access by the identified client process" of Eldridge. It is understood that a "pass/fail" 
mechanism is a facet of an authorization procedure; thus if there is a lack of proper 
correlation between the components, the Applicant's claim limitation of "the portable 
recording medium does not recover the same password as the password stored in the 
memory of the portable recording medium" would occur. 

22. Regarding the Applicant's argument pertaining to that "Eldridge does not contain 
any disclosure regarding how to recover a password when a user forgets their 
password", it is noted that the features upon which applicant relies are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 
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Conclusion 

23. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

24. The following United States Patents and Patent Application Publication are cited 
to further show the state of the art with respect to the recovery of data, such as: 

United States Patent No. 7,083,090 to Zuili which is cited to show a remote and 
universal smartcard authentication and authorization device. 

United States Patent No. 6,185,308 to Ando et al., which is cited to show a key 
recovery system. 

United States Patent Application Publication No.20020034305 to Noyama et al., 
which is cited to show a method and system for issuing service and a method and 
system for providing service. 

United States Patent No. 6,178,511 to Cohen et al., which is cited to show 
coordinating user target logons in a single sign-on (SSO) environment. 

United States Patent No. 5,982,898 to Hsu et al., which is cited to show a 
certification process. 

United States Patent No. 6,971 ,005 to Henry et al., which is cited to show a 
mobile host using a virtual single account client and server system for network access 
and management. 

United States Patent No. 7,1 1 1 ,321 to Watts et al., which is cited to show a 
portable computer system with hierarchical and token-based security policies. 
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United States Patent No. 6,940,980 to Sandhu, et al., which is cited to show a 
high security cryptosystem. 

United States Patent No. 6,792,536 to Teppler, which is cited to show a smart 
card system and methods for proving dates in digital files. 

United States Patent No. 7,469,341 to Edgett, et al., which is cited to show a 
method and system for associating a plurality of transaction data records generated in a 
service access system. 

25. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEREMIAH AVERY whose telephone number is 

(571 )272-8627. The examiner can normally be reached on Monday thru Friday 8:30am- 
5pm. 

26. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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27. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Jeremiah Avery/ 
Examiner, Art Unit 2431 

/Christopher A. Revak/ 

Primary Examiner, Art Unit 2431 



